
Case Study: Managing rapid growth of a small business with a QMS


www.intertek-sc.com

Introduction
EmeSec Incorporated (EmeSec) is a small, service-disabled
veteran-owned, woman-owned, 8(a) consulting
company providing professional services in information
assurance and security. The company's efforts allow its
clients to more effectively manage their day-to-day
information security practices.
EmeSec has experienced a rapid growth rate of over
400% since its incorporation in 2003. In 2007, the
company's work transitioned to multi-year contracts.
Their contract awards range in size from $22,000 to over
$7.5 million.

Pursuing ISO 9001 certification


As the company grew, Maria Horton, CEO and President
of EmeSec, realized that its growth would be best
managed through quality.
"ISO 9001:2000 certification serves as a foundation for
corporate growth," said Ms. Horton. "Without a
corporate quality process, all of our procedures would be
too wieldy and too difficult to ensure distinction and
success."
EmeSec began its pursuit of ISO 9001 certification in late
2007. As a provider of professional services, they quickly
implemented the ISO 9001 standard within their Quality
Management System (QMS) to serve as both a standard
and a measure of activities to be accomplished.
"Developing the QMS early, as a rapidly growing service
organization, has been helpful in identifying key
management indicators [metrics] and in reducing risk as
the company takes on more multi-year and complex
tasks," said Ms. Horton.

A foundation for success


The EmeSec QMS has served as a foundation for
exploring all of the company's processes. EmeSec has
used ISO 9001 to review Human Resources issues,
including the recruiting, interviewing, and staffing
process. EmeSec has also used the QMS tenets to focus
on the proposal response and subcontracting processes,
resulting in the ability to identify, manage, and
accomplish key deliverables with greater efficiency and
effectiveness. "Our staff is now focused on measurable
performance and consistent outcomes," said Ms. Horton.
ISO 9001:2000 has also impacted EmeSec's strategy
toward revenue growth. The standard helped the
company to better define their corporate vision, and
manage the QMS so its processes would be
proportionate to the company's size. They use the QMS
in daily operations, and hold valuable monthly meetings
to evaluate quality performance. "This alone assists our
company to demonstrate its value to our customers,"
said the EmeSec CEO. "When we discuss quality with
our customers, they know that we have the key
elements of risk addressed for us and for them."

Working with Intertek


"The initial ISO 9001 certification process requires a
registrar that understands your corporate vision and
goals. Intertek did that, especially in accommodating
our need to have efficient and integrated processes,"
said Ms. Horton.
EmeSec has opted for a semi-annual surveillance
schedule: Intertek performs an audit every six months to
ensure their system's ongoing conformity. Ms. Horton
commented, "It's a very good partnership. We actually
look forward to Intertek's visits as an aid to our success.
They help us ensure that our processes adapt to our
growth."
To learn more about management systems certification
from Intertek, or to begin your project right away, call
1-800-967-5352 or e-mail icenter@intertek.com.
"At EmeSec, quality is used and given thought; it is not just an add-on paperwork drill to
maintain the certification."
- Maria Horton, EmeSec CEO/President

About EmeSec
EmeSec Incorporated is a professional consulting service company that specializes in providing
complete solutions to our clients. With over six years of directly relevant prime and
subcontracting experiences, we focus on providing the right people and approach in order to
ensure that each mission is effectively achieved. Our core capabilities remain management
consulting services specializing in Information Assurance (IA), Healthcare IT, Logistics and All
Hazard Preparedness, Advisory and Assistance Services, Policy Development, Privacy, and
Information and Data Protection.

CEO's Message

At EmeSec, we take pride in our ability to stay abreast of information
security trends and the changes necessary to meet the challenges of security and compliance. It
is no secret that information and data protection is the priority of 2008. Today's valuable identity
information is easy to access for criminal activity, unsolicited marketing or intended marketing and
this information exists everywhere from data warehouses to laptops to handhelds. Secure
information sharing will need to address collaboration on a need-to-know-basis in context. This
emphasis suggests that traditional network security practices must be enlivened and adapted to
address privacy, confidentiality, intellectual property and other business practices with new
actions even, and especially, when resources are limited.
Information Assurance is evolving beyond technical network and application protection. We are
finding with our clients that the requirements for success require consideration of newer
technological changes like Web 2.0, Virtualization, and IPv6, along with practical implementation
strategies that meet the culture of the organization for success. This has become the new
baseline of business productivity and informed business decision-making.
This is what our clients expect and deserve and this is what EmeSec professionals provide.
Maria Horton
CEO/President

Key Services
Security & Compliance Support Services
- FISMA Reporting
- C&A Testing & Documentation, Including DITSCAP/DIACAP
- Contingency Planning & Disaster Recovery Services
- Incident Response
- CPIC and Financial Auditing
Technical Security Services
- Risk Assessment Services
- Penetration Testing
- Vulnerability Assessments
- Federal Desktop Core
- Configuration Compliance Testing
Change Management
- Security Program Management
- Strategic Planning
- Reporting
- Security Services
Market Research
- FDCC tools
- Privacy tools
- E-Discovery & ESI architecture Tools
- Implementation strategies
Security Training
- Curriculum Development
- Risk Management
- C&A

Certifications
- ISO 9001:2000 Certified
- ISO 9001:2008 Compliant
- CMMI Level 2
- Certified Information System Security Professional (CISSP)
- Information System Security Management Professional (ISSMP)
- Certified Information Systems Auditor (CISA)
- Certification and Accreditation Professional (CAP)
- Red Hat Certified Technician (RHCT)
- Microsoft Certified System Engineer (MCSE)
- InfoSec Assessment Methodology (IAM)
EmeSec Incorporated believes that Section 508 is good for everyone, be they government or
private sector. We plan to work closely, as applicable, with each of our software GSA partners,
with federal IT managers and fellow technology-industry leaders to help government comply with
their new regulations.
Our vision is that Section 508 will stimulate more competition and innovation on accessible
technology which in turn will lead to an increased number of people with disabilities finding
employment that meets their knowledge, skills and abilities.
For more information on assistive technology and resources visit www.section508.gov
